Hi everyone! This post is a compilation of commonly used WinDbg commands and shortcuts. I hope they will be useful to you.
By the way, if you need to use a kernel debugger, a tool I would recommend is VirtualKD-Redux, which makes your life easier. The installation steps are already documented on its GitHub page.
Shortcuts
Description | Shortcut |
Attach to process | F6 |
Debug restart | CTRL+SHIFT+F5 |
Open executable | CTRL+E |
Open source code file | CTRL+O |
Step-into | F11 |
Step-over | F10 |
Commands
In WinDbg, all values are represented in hexadecimal. Do not include “0x” in the command.
Purpose | Command |
Clear breakpoint | bc <breakpoint id> |
Display memory (ASCII string, Byte, Dword, Pointer with symbols, Unicode string, Word) | da, db, dd, dps, du, dw <register/address> (example, display the memory at the address in EAX as DWORDs: dd eax) |
Display type | dt <object name or address> |
Execute till the next RET instruction | pt |
Quit | q |
List loaded modules | lm |
Verbose on symbols | !sym noisy |
Reload module(s)’ symbols | .reload {/i <module name>} (reloads all modules by default; specify the /i flag and a module name for a specific module) |
Set breakpoint | bp <program name> + <offset from relative address in hexadecimal without “0x”> |
See breakpoints | bl |
See assembly code before the specified address | ub <address/register> |
See assembly code at and after the specified address | u <address/register> |
See specific loaded module’s info | lmvm <module name> |
Start/Continue execution | g |
Step into | t |
Step over | p |
I hope these tabs have been helpful to you. Feel free to leave any comments below. You may also send me some tips if you like my work and want to see more of such content. Funds will mostly be used for my boba milk tea addiction. The link is here. 🙂